Apparatus for verified antispoofing navigation

ABSTRACT

A verified antispoofing navigation apparatus is provided. The apparatus comprises: a primary navigation receiver configured to provide a set of primary measurements related to positioning of a mobile platform; a supplemental navigation device configured to provide a set of supplemental measurements related to positioning of the mobile platform; an identity monitoring device configured to verify an identity of a driver of the mobile platform; and a verification and authentication navigation processor configured to verify authenticity of the set of primary measurements provided by the primary navigation receiver by using the set of supplemental measurements provided by the supplemental navigation device. The verified antispoofing navigation apparatus further comprises: a driver authentication navigation processor configured to provide the driving and rest times of the driver to relevant authorities.

TECHNICAL FIELD

The technology relates to authentication services, and more specificallyto authentication services utilizing positioning from a GNSS source.

BACKGROUND

The Galileo commercial service is one part of the new services availablefrom the Galileo portion of the European Global Navigation SatelliteSystems (GNSS). In particular, features and services available from theGalileo system enable the development of GNSS based authenticationapplications encompassing the users' identity, positioning, velocity andtiming.

Following the EU Directive 2004/52/EC GNSS based electronic tolling forhighways is expanding in Europe. With the growing value associated withtolling using GNSS receivers various techniques are being developed to“play back” signals to create travel logs that indicate that the user isnot on a specific toll route.

In particular, vulnerabilities in the system could enable undesirablemanipulation of data, possibly leading to misleading results. Thereforethere is a need for an added level of verification of obtainedpositioning information before it could be used for legitimate purposes.

SUMMARY

This Summary is provided to introduce a selection of concepts that arefurther described below in the Detailed Description. This Summary is notintended to identify key or essential features of the claimed subjectmatter, nor is it intended to be used as an aid in determining the scopeof the claimed subject matter.

A verified antispoofing navigation apparatus is provided. The apparatuscomprises: a primary navigation receiver configured to provide a set ofprimary measurements related to positioning of a mobile platform; asupplemental navigation device configured to provide a set ofsupplemental measurements related to positioning of the mobile platform;an identity monitoring device configured to verify an identity of adriver of the mobile platform; and a verification and authenticationnavigation processor configured to verify authenticity of the set ofprimary measurements provided by the primary navigation receiver byusing the set of supplemental measurements provided by the supplementalnavigation device.

The verified antispoofing navigation apparatus further comprises: adriver authentication navigation processor configured to provide thedriving and rest times of the driver to relevant authorities.

DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and form a part ofthis specification, illustrate embodiments of the technology and,together with the description, serve to explain the principles below:

FIG. 1 depicts an apparatus for verified antispoofing navigation for thepurposes of the present technology.

FIG. 2 illustrates an apparatus for authenticated verified antispoofingnavigation for the purposes of the present technology.

FIG. 3 is a flow chart of the method of the present technology forverified antispoofing navigation.

DETAILED DESCRIPTION

Reference now is made in detail to the embodiments of the technology,examples of which are illustrated in the accompanying drawings. Whilethe present technology will be described in conjunction with the variousembodiments, it will be understood that they are not intended to limitthe present technology to these embodiments. On the contrary, thepresent technology is intended to cover alternatives, modifications andequivalents, which may be included within the spirit and scope of thevarious embodiments as defined by the appended claims.

Furthermore, in the following detailed description, numerousspecific-details are set forth in order to provide a thoroughunderstanding of the presented embodiments. However, it will be obviousto one of ordinary skill in the art that the presented embodiments maybe practiced without these specific details. In other instances, wellknown methods, procedures, components, and circuits have not beendescribed in detail as not to unnecessarily obscure aspects of thepresented embodiments.

The need for antispoofing navigation can be underscored by the followingexample. The drones that are used to survey the domestic populace, areeasy to hijack. In fact, a determined individual can do it with lessthan $1,000 worth of equipment.

Indeed, in a report aired on Fox News, University of Texas at AustinProfessor Todd Humphreys demonstrated how easy hijacking an unmanneddrone can be. Using a device to “spoof” the navigation signal from theGlobal Positioning System, Humphreys and his team effectively tookcontrol of a small demonstration vehicle. The drone used in Humphrey'spresentation was a small helicopter UAV, similar to the ShadowHawk. Forreference, please follow the link:http://www.geekosystem.com/uav-gps-spoof/

‘Spoofing a GPS receiver on a UAV is just another way of hijacking aplane,’ Humphreys said. By sending out a signal that looks like GPS,Humphreys was able to trick the drone into a new set of commands.

It's worth noting that Humphreys works at the University's Radionavigation Laboratory and is uniquely suited to pull off such a feat.However, the low cost of Humphrey's spoofing device—which Russia Todaydescribed as “the most advanced one ever built”—suggests that this kindof device could be quickly and easily manufactured by even those whodon't understand how it works.

The drawbacks of GPS have been known for a while, but the difficulty inreplacing it with a new standard has yet to gain any real traction. Asunnerving as law enforcement drones running out of control is, the factthat this same kind of attack could easily be done to any of thenumerous GPS devices people interact with on a daily basis. The presentapplication deals with this problem.

FIG. 1 is a block diagram 10 that illustrates an apparatus 14 forverified antispoofing navigation of a mobile platform 12 for thepurposes of the present technology.

In the embodiment of the present technology, the mobile platform 12 isselected from the group consisting of land vehicles: a car, a truck, atrain, a tractor and an earth moving vehicle.

in the embodiment of the present technology, the mobile platform 12 isselected from the group consisting of water vehicles: a boat, a yacht,and a water sport vehicle.

In the embodiment of the present technology, the mobile platform 12 isselected from the group consisting of flying platforms: a lawenforcement drone, a military drone, a commercial drone, a sports plane,and a passenger plane.

In the embodiment of the present technology, the apparatus for verifiedantispoofing navigation 14 comprises: a primary navigation receiver 20,a supplemental navigation device 22, and a verification navigationprocessor 26

In an embodiment of the present technology, the primary navigationreceiver 20 is configured to receive navigation signals 19 by using anantenna 18 from a radio positioning system 16.

In an embodiment of the present technology, the radio positioning system16 is selected from the group consisting of: a Galileo navigationreceiver; a GPS navigation receiver: a GLONASS navigation receiver; aCompass navigation receiver; a Quasi-Zenith Satellite System (QZSS)navigation receiver; a combined multi-satellite navigation receiver; anda pseudolite navigation receiver (including a Trimble Terralite and aLocata receiver).

In an embodiment of the present technology, the radio positioning system18 can be implemented by using the Global Positioning System (GPS). TheGPS is a space-based satellite navigation system that provides locationand time information in all weather conditions, anywhere on or near theEarth where there is an unobstructed line of sight to four or more GPSsatellites. The system provides critical capabilities to military, civiland commercial users around the world. It is maintained by the UnitedStates government and is freely accessible to anyone with a GPSreceiver.

The GPS project was developed in 1973 to overcome the limitations ofprevious navigation systems, integrating ideas from severalpredecessors, including a number of classified engineering designstudies from the 1960s. GPS was created and realized by the U.S.Department of Defense (DoD) and was originally run with 24 satellites.It became fully operational in 1994.

Advances in technology and new demands on the existing system have nowled to efforts to modernize the GPS system and implement the nextgeneration of GPS III satellites and Next Generation Operational ControlSystem (OCX). Announcements from the Vice President and the White Housein 1998 initiated these changes. In 2000, U.S. Congress authorized themodernization effort, referred to as GPS III.

In an embodiment of the present technology, the radio positioning system18 can be implemented by using GLONASS or Global Navigation SatelliteSystem. GLONASS is a radio-based satellite navigation system operatedfor the Russian government by the Russian Aerospace Defense Forces. Itboth complements and provides an alternative to the United States'Global Positioning System (GPS) and is the only alternative navigationalsystem in operation with global coverage and of comparable precision.

Development of GLONASS began in the Soviet Union in 1976. Beginning on12 Oct. 1982, numerous rockets launches added satellites to the systemuntil the “constellation” was completed in 1995. During the 2000s, underVladimir Putin's presidency, the restoration of the system was made atop government priority and funding was substantially increased. GLONASSis the most expensive program of the Russian Federal Space Agency,consuming a third of its budget in 2010.

By 2010, GLONASS had achieved 100% coverage of Russia's territory and inOctober 2011, the full orbital constellation of 24 satellites wasrestored, enabling full global coverage. The GLONASS satellites' designshave undergone several upgrades, with the latest version beingGLONASS-K.

In an embodiment of the present technology, the radio positioning system18 can be implemented by using Compass, or the BeiDou NavigationSatellite System (BDS). Compass is a Chinese satellite navigationsystem. It consists of two separate satellite constellations—a limitedtest system that has been operating since 2000, and a full-scale globalnavigation system that is currently under construction.

The first BeiDou system, officially called the BeiDou SatelliteNavigation Experimental System and also known as BeiDou-1, consists ofthree satellites and offers limited coverage and applications. It hasbeen offering navigation services, mainly for customers in China andneighboring regions, since 2000.

The second generation of the system officially called the BeiDouSatellite Navigation System (BDS) and also known as COMPASS or BeiDou-2,will be a global satellite navigation system consisting of 35satellites, and is under construction as of January 2013. It becameoperational in China in December 2011, with 10 satellites in use, andbegan offering services to customers in the Asia-Pacific region inDecember 2012. It is planned to begin serving global customers upon itscompletion in 2020.

In an embodiment of the present technology, the radio positioning system18 can be implemented by using the Quasi-Zenith Satellite System (QZSS).QZSS is a proposed three-satellite regional time transfer system andSatellite Based Augmentation System for the Global Positioning System,that would be receivable within Japan. The first satellite ‘Michibiki’was launched on 11 Sep. 2010. Full operational status is expected by2013. Authorized by the Japanese government in 2002, work on a conceptfor a Quasi-Zenith Satellite System (QZSS), began development by theAdvanced Space Business Corporation (ASBC) team, including MitsubishiElectric, Hitachi, and GNSS Technologies Inc. However, ASBC collapsed in2007. The work was taken over by the Satellite Positioning Research andApplication Center. SPAC is owned by four departments of the Japanesegovernment: the Ministry of Education, Culture, Sports, Science andTechnology, the Ministry of Internal Affairs and Communications, theMinistry of Economy, Trade and Industry, and the Ministry of Land,Infrastructure and Transport.

QZSS is targeted at mobile applications, to provide communications-basedservices (video, audio, and data) and positioning information. Withregards to its positioning service, QZSS can only provide limitedaccuracy on its own and is not currently required in its specificationsto work in a stand-alone mode. As such, it is viewed as a GNSSAugmentation service. Its positioning service could also collaboratewith the geostationary satellites in Japan's Multi-Functional TransportSatellite (MTSAT), currently under development, which itself is aSatellite Based Augmentation System similar to the U.S. Federal AviationAdministration's Wide Area Augmentation System (WAAS).

In an embodiment of the present technology, the radio positioning system18 can be implemented by using Galileo. Galileo is a global navigationsatellite system (GNSS) currently being built by the European Union (EU)and European Space Agency (ESA). The

5 billion project is named after the Italian astronomer Galileo Galileo.One of the aims of Galileo is to provide a high-precision positioningsystem upon which European nations can rely, independently from theRussian GLONASS, US GPS, and Chinese Compass systems, which can bedisabled in times of war or conflict.

When in operation, it will use two ground operations centers nearMunich, Germany and in Fucino, Italy. In December 2010, EU ministers inBrussels voted Prague, Czech Republic as the headquarters of the Galileoproject. On 21 Oct. 2011, the first two of four operational satelliteswere launched to validate the system. The next two followed on 12 Oct.2012, making it “possible to test Galileo end-to-end”. Once thisIn-Orbit Validation (IOV) phase has been completed, additionalsatellites will be launched to reach Initial Operational Capability(IOC) around mid-decade. Full completion of the 30-satellite Galileosystem (27 operational and three active spares) is expected by 2019.

Basic navigation services will be free of charge. Galileo is intended toprovide horizontal and vertical position measurements within 1 meterprecision and better positioning services at high latitudes than otherpositioning systems. As a further feature, Galileo will provide a uniqueglobal search and rescue (SAR) function. Satellites will be equippedwith a transponder which will relay distress signals from the user'stransmitter to the Rescue Co-ordination Centre, which will then initiatethe rescue operation. At the same time, the system will provide a signalto the users, informing them that their situation has been detected andthat help is on the way. This latter feature is new and is considered amajor upgrade compared to the existing GPS and GLONASS navigationsystems, which do not provide feedback to the user.

The use of basic (low-precision) Galileo services will be free and opento everyone. The high-precision capabilities will be available forpaying commercial users (please, see below: authenticated services basedon commercial usage of E6 signals) and for military use.

In an embodiment of the present technology, the primary navigationreceiver 20 is configured to receive the navigation signals from acombination of at least 4 visible satellites including a GPS satellite,and/or a Galileo satellite, and/or a GLONASS satellite, and/or a Compasssatellite, and/or a Quasi-Zenith Satellite System (QZSS) satellite.

In an embodiment of the present technology, the radio positioning system18 can be implemented by using a pseudolite. Pseudolite is a contractionof the term “pseudo-satellite,” used to refer to something that is not asatellite which performs a function commonly in the domain ofsatellites. Pseudolites are most often small transceivers that are usedto create a local, ground-based GPS alternative. The range of eachtransceiver's signal is dependent on the power available to the unit.

Being able to deploy one's own positioning system, independent of aradio satellite system, a pseudolite can be useful in situations wherethe normal satellite signals are either blocked/jammed (militaryconflicts), or simply not available (exploration of other planets).

In an embodiment of the present technology, the primary navigationreceiver 20 is selected from the group consisting of: an autonomous GPSsatellite navigation receiver; a differential GPS satellite navigationreceiver; and an RTK GPS satellite navigation receiver.

In an embodiment of the present technology, the primary navigationreceiver 20 (of FIG. 1) comprises a differential GPS satellitenavigation receiver. In differential position determination, many of theerrors in the Radio Positioning System (RADPS) signals that compromisethe accuracy of absolute position determination are similar in magnitudefor stations that are physically close. The effect of these errors onthe accuracy of differential position determination is thereforesubstantially reduced by a process of partial error cancellation. Thus,the differential positioning method is far more accurate than theabsolute positioning method, provided that the distances between thesestations are substantially less than the distances from these stationsto the satellites, which is the usual case. Differential positioning canbe used to provide location coordinates and distances that are accurateto within a few centimeters in absolute terms. The differential GPSprocessor can include: (a) a real time code differential GPS; (b) apost-processing differential GPS; (c) a real-time kinematic (RTK)differential GPS that includes a code and carrier RTK differential GPSprocessor.

The differential GPS receiver can obtain the differential correctionsfrom different sources. Referring still to FIG. 1, in an embodiment ofthe present technology, the differential corrections can be obtainedfrom a Base Station (not shown).

The fixed Base Station (BS) placed at a known location determines therange and range-rate measurement errors in each received GPS signal andcommunicates these measurement errors as corrections to be applied bylocal users. The Base Station (BS) has its own imprecise clock with theclock bias CBBASE. As a result, the local users are able to obtain moreaccurate navigation results relative to the Base Station location andthe Base Station clock. With proper equipment, a relative accuracy of 5meters should be possible at distances of a few hundred kilometers fromthe Base Station.

Referring still to FIG. 1, in an embodiment of the present technology,the primary navigation receiver 20 can be implemented by using a TRIMBLEAg GPS-132 receiver that obtains the differential corrections from theU.S. Coast Guard service free in 300 kHz band broadcast by using thewireless communication device (not shown) and the wireless communicationlink (not shown). In this embodiment, the mobile radio positioningsystem receiver 12 should be placed within (2-300) miles from the U. S.Coast Guard Base Station. The accuracy of this differential GPS methodis about 50 cm.

Referring still to FIG. 1, in an embodiment of the present technology,the differential corrections can be obtained from the Wide AreaAugmentation System (WAAS). The WAAS system includes a network of BaseStations that uses satellites (initially geostationary satellites-GEOs)to broadcast GPS integrity and correction data to GPS users. The WAASprovides a ranging signal that augments the GPS, which is the WAASranging signal, is designed to minimize the standard GPS receiverhardware modifications. The WAAS ranging signal utilizes the GPSfrequency and GPS-type of modulation, including only aCoarse/Acquisition (C/A) PRN code. In addition, the code phase timing issynchronized to GPS time to provide a ranging capability. To obtain theposition solution, the WAAS satellite can be used as any other GPSsatellite in satellite selection algorithm. The WAAS provides thedifferential corrections free of charge to a WAAS-compatible user. Theaccuracy of this method is specified at 1.6 meters.

Referring still to FIG. 1, in an embodiment of the present technology,the primary navigation receiver 20 comprising differential GPS processorcan obtain a differential GPS radio navigation receiver can obtain thedifferential corrections from the Virtual Base Station (VBS) (not shownradio navigation receiver) by using the wireless communication device(not shown) and the wireless communication link (not shown).

Indeed, the Virtual Base Station (VBS) is configured to deliver anetwork-created correction data to a multiplicity of rovers via aconcatenated communications link consisting of a single cellularconnection, and a radio transmission or broadcasting system. Thelocation of the radio transmitting system can be co-located with a GPSBase Station designated as the position of the local Virtual ReferenceStation. This GPS Base Station determines its position using GPS, andtransmits its location to the VRS Base Station via a cellular linkbetween the local GPS Base Station and the VRS Base Station. It enablesthe VRS Base Station to generate differential corrections as if suchdifferential corrections were actually being generated at the real GPSBase Station location.

Referring still to FIG. 1, in an embodiment of the present technology,the primary navigation receiver 20 comprising a real time kinematic(RTK) differential GPS processor can obtain the position locations withless than 2 cm accuracy. RTK is a process where GPS signal correctionsare transmitted in real time from a reference receiver at a knownlocation to one or more remote rover receivers. The use of an RTKcapable GPS system can compensate for atmospheric delay, orbital errorsand other variables in GPS geometry, increasing positioning accuracy upto within a centimeter. Used by engineers, topographers, surveyors andother professionals, RTK is a technique employed in applications whereprecision is paramount. RTK is used, not only as a precision positioninginstrument, but also as a core for navigation systems or automaticmachine guidance, in applications such as civil engineering anddredging. It provides advantages over other traditional positioning andtracking methods, increasing productivity and accuracy. Using the codephase of GPS signals, as well as the carrier phase, which delivers themost accurate GPS information, RTK provides differential corrections toproduce the most precise GPS positioning.

Referring still to FIG. 1, in an embodiment of the present technology,the primary navigation receiver 20 can be implemented by using apseudolite. The pseudolite comprises a ground based radio positioningsystem working in any radio frequency including but not limited to theGPS frequencies and the ISM (industrial scientific medical) unlicensedoperation band, including 900 MHZ, 2.4 GHz, or 5.8 GHz bands ISM bands,or in a radio location band such as the (9.5-10) GHz band. Pseudolitescan be used for enhancing the GPS by providing increased accuracy,integrity, and availability. The complete description of the pseudolitetransmitters in GPS band can be found in “Global Positioning System:Theory and Applications”; Volume II, edited by Bradford W. Parkinson andJames J. Spilker Jr., and published in Volume 164 in “PROGRESS INASTRONAUTICS AND AERONAUTICS”, by American Institute of Aeronautics andAstronautics, Inc., in 1966. For the purposes of the present technology,the pseudolite manufactured by Locata (Canberra, Australia) andNovariant (Menlo Park, Calif.) can be used.

Referring still to FIG. 1, in an embodiment of the present technology,the primary navigation receiver 20 can be implemented by using TRE-G3T-EE6-band receiver that is capable of tracking E6 B/C signal from alllaunched Galileo satellites. E6 B/C signal can be used for real timeauthentication services depending on personal positioning, timing andvelocity information.

Indeed, a real time verified navigation can be enabled by using theCommercial Service of the EC Galileo program.

However, the threats from hackers such as spoofing and meaconing (theinterception and rebroadcast of navigation signals) need to be addressedto provide a real time verified antispoofing navigation.

Referring still to FIG. 1, in an embodiment of the present technology,the supplemental navigation device 22 is selected from the groupconsisting of: an Inertial Navigation System receiver, anaccelerometer-based navigation receiver, a magnetometer-based navigationreceiver, a cell phone-based navigation receiver, a Distance MeasurementInstrument comprising an Internal Rim DMI sensor (for car-relatedapplications), and a wheel rotating sensor (for car-relatedapplications).

An inertial navigation system (INS) is a navigation aid that uses acomputer, motion sensors (accelerometers) and rotation sensors(gyroscopes) to continuously calculate via dead reckoning the position,orientation, and velocity (direction and speed of movement) of a movingobject without the need for external references. It is used on vehiclessuch as ships, aircraft, submarines, guided missiles, and spacecraft.Other terms used to refer to inertial navigation systems or closelyrelated devices include inertial guidance system, inertial referenceplatform, inertial instrument, inertial measurement unit (IMU) and manyother variations.

An inertial navigation system includes at least a computer and aplatform or module containing accelerometers, gyroscopes, or othermotion-sensing devices. The INS is initially provided with its positionand velocity from another source (a human operator, a GPS satellitereceiver, etc.), and thereafter computes its own updated position andvelocity by integrating information received from the motion sensors.The advantage of an INS is that it requires no external references inorder to determine its position, orientation, or velocity once it hasbeen initialized.

An INS can detect a change in its geographic position (a move east ornorth, for example), a change in its velocity (speed and direction ofmovement), and a change in its orientation (rotation about an axis). Itdoes this by measuring the linear and angular accelerations applied tothe system. Since it requires no external reference (afterinitialization), it is immune to jamming and deception.

Referring still to FIG. 1, in an embodiment of the present technology,the supplemental navigation device 22 is implemented by using aninertial navigation system (INS) configured to detect the spoofing ofthe primary navigation receiver 20 as discussed in details below.

Referring still to FIG. 1, in an embodiment of the present technology,the supplemental navigation device 22 is implemented by using aplurality of gyroscopes and accelerometers and a processor.

A gyroscope is configured to measure the angular velocity of the systemin the inertial reference frame. By using the original orientation ofthe system in the inertial reference frame as the initial condition andintegrating the angular velocity, the system's current orientation isknown at all times. This can be thought of as the ability of ablindfolded passenger in a car to feel the car turn left and right ortilt up and down as the car ascends or descends hills. Based on thisinformation alone, the passenger knows what direction the car is facingbut not how fast or slow it is moving, or whether it is slidingsideways.

Accelerometers measure the linear acceleration of the system in theinertial reference frame, but in directions that can only be measuredrelative to the moving system (since the accelerometers are fixed to thesystem and rotate with the system, but are not aware of their ownorientation). This can be thought of as the ability of a blindfoldedpassenger in a car to feel themselves pressed back into their seat asthe vehicle accelerates forward or pulled forward as it slows down; andfeel themselves pressed down into their seat as the vehicle acceleratesup a hill or rise up out of their seat as the car passes over the crestof a hill and begins to descend. Based on this information alone, theyknow how the vehicle is accelerating relative to itself, that is,whether it is accelerating forward, backward, left, right, up (towardthe car's ceiling), or down (toward the car's floor) measured relativeto the car, but not the direction relative to the Earth, since they didnot know what direction the car was facing relative to the Earth whenthey felt the accelerations.

However, by tracking both the current angular velocity of the system andthe current linear acceleration of the system measured relative to themoving system, it is possible to determine the linear acceleration ofthe system in the inertial reference frame. Performing integration onthe inertial accelerations (using the original velocity as the initialconditions) using the correct kinematic equations yields the inertialvelocities of the system, and integration again (using the originalposition as the initial condition) yields the inertial position. In ourexample, if the blindfolded passenger knew how the car was pointed andwhat its velocity was before he was blindfolded, and if they are able tokeep track of both how the car has turned and how it has accelerated anddecelerated since, they can accurately know the current orientation,position, and velocity of the car at any time.

Referring still to FIG. 1, in an embodiment of the present technology,the supplemental navigation device 22 can be implemented by using atleast three accelerometers if location of the mobile platform 12 isdetermined independently by using, for example, other means, like atriangulation method.

Indeed, an accelerometer is a sensor that mathematically determinesacceleration over time by measuring the speed and by using a knowndistance. In an embodiment of the present technology, acceleration ofthe mobile platform 12 may be measured in each of three perpendiculardirections corresponding to the x, y, and z-axes of a Cartesiancoordinate system by using three accelerometers. The location of themobile platform can be further obtained by using at least three radiosignals transmitted from at least three radio towers.

Two or three accelerometers can be mounted orthogonal to one another andcan be used to measure the longitudinal acceleration axis and lateralacceleration axis. The tangential or longitudinal axis acceleration isintegrated once to obtain longitudinal speed and is integrated again toproduce a relative displacement. The lateral accelerometer measures thecentripetal force which is used to compute a centripetal or lateralacceleration. The lateral acceleration is used to obtain a headingchange derived from the lateral acceleration information and thelongitudinal speed. Using the heading change and the longitudinalacceleration, the improved navigation system propagates a previousposition of the mobile platform 12 to a current position of the mobileplatform 12. The third accelerometer provides pitch to assist incalibrating the other accelerometers or other sensors and in alteringthe longitudinal and/or lateral acceleration information.

In an embodiment of the present technology, accelerations of the mobileplatform 12 may be measured for six degrees-of-freedom by using a numberof accelerometers, wherein three accelerations may be measuredcorresponding to the x, y, and z-axes of a Cartesian coordinate system,and wherein three additional accelerations may be measured correspondingto pitch, roll, and rotation.

In an embodiment of the present technology, at least one accelerometeremployed by the supplemental navigation device 22 can be implemented byusing a relatively inexpensive (˜5) and having a relatively highresolution (50 micro gravities per root hertz) accelerometer based onsilicon-micro machined MEMS technology. This device exploits the changesin capacitance caused by the relative movement of moving and fixedstructures created in the silicon, using wafer-processing techniques.

STMicroelectronics (NYSE: STM) manufactures a MEMS-based three-axisaccelerometer device LIS3L02D that provides both three-axis sensing in asingle package and a digital output. This device is designed primarilyfor handheld terminals where it can be used to implement a motion-baseduser interface that is based on hand movements, allowing one-handedoperation without styli, thumb keyboards or other input devices. TheLIS3L02D includes a single-chip MEMS sensor chip plus a calibratedinterface chip that senses changes in capacitance in the sensor andtranslates them into SPI or I2C serial digital outputs. The LIS3L02Doperates on a 2.7 to 3.6 V supply voltage. The device has an equivalentnoise acceleration of better than 500 millionths of one ‘g’. Duringtransport and service it can withstand accelerations up to 3000 gwithout damage.

Most micromechanical accelerometers operate in-plane, that is, they aredesigned to be sensitive only to a direction in the plane of the die. Byintegrating two devices perpendicularly on a single die a two-axisaccelerometer can be made. By adding an additional out-of-plane devicethree axes can be measured. Such a combination may have much lowermisalignment error than three discrete models combined after packaging.

Micromechanical accelerometers are available in a wide variety ofmeasuring ranges, reaching up to thousands of g's. The designer mustmake a compromise between sensitivity and the maximum acceleration thatcan be measured.

In an embodiment of the present technology, the absolute location of themobile platform can be obtained by using the supplemental navigationdevice 22 comprising a cell phone and a triangulation correlationprocessor (not shown).

Mobile positioning, which includes location based service that disclosesthe actual coordinates of a mobile phone bearer, is a technology used bytelecommunication companies to approximate where a mobile phone, andthereby also its user (bearer), temporarily resides. The more properlyapplied term locating refers to the purpose rather than a positioningprocess. Such service is offered as an option of the class oflocation-based services (LBS).

Mobile phone tracking refers to the attaining of the current position ofa mobile phone, stationary or moving. Localization may occur either viatriangulation of radio signals between (several) radio towers of thenetwork and the phone. To locate the smart phone using triangulation ofradio signals, it must emit at least the roaming signal to contact thenext nearby antenna tower, but the process does not require an activecall. GSM is based on the signal strength to nearby antenna masts.

The technology of locating is based on measuring power levels andantenna patterns and uses the concept that a powered mobile phone alwayscommunicates wirelessly with one of the closest base stations, soknowledge of the location of the base station implies the cell phone isnearby.

Advanced systems determine the sector in which the mobile phone islocated and roughly estimate also the distance to the base station.Further approximation can be done by interpolating signals betweenadjacent antenna towers. Qualified services may achieve a precision ofdown to 50 meters in urban areas where mobile traffic and density ofantenna towers (base stations) is sufficiently high. Rural and desolateareas may see miles between base stations and therefore determinelocations less precisely.

GSM localization is the use of triangulation to determine the locationof GSM mobile phones, or dedicated trackers, usually with the intent tolocate the user. Localization-Based Systems can be broadly divided into:(i) network-based; (ii) handset-based; and (iii) SIM-based.

In order to route calls to a phone, the cell towers listen for a signalsent from the phone and negotiate which tower is best able tocommunicate with the phone. As the phone changes location, the antennatowers monitor the signal, and the phone is roamed to an adjacent toweras appropriate. By comparing the relative signal strength from multipleantenna towers, a general location of a phone can be roughly determined.Other means make use of the antenna pattern, which supports angulardetermination and phase discrimination.

Referring still to FIG. 1, in an embodiment of the present technology,the supplemental navigation device 22 can be implemented by using aDistance Measurement Instrument comprising an Internal Rim DMI sensor.

For example, manufactured by Trimble Ltd. Trimble Internal Rim DMI forAP GNSS-Inertial OEM Systems uses robust inductive proximity-sensingtechnology to provide consistent and accurate velocity information forthe constraint of inertial errors and improved overall navigationperformance in terrestrial applications. Internal Rim DMI is installedwithin the wheel well and does not protrude from the vehicle.

Polyurethane strip with embedded ferrous material targets isadhesive-backed for installation on inside of vehicle's wheel rim.Non-contact proximity sensor generates quadrature signal as the wheelturns. The Internal Rim DMI is ideal for permanent installation wherepreventing protrusions from vehicle's exterior is desirable.Proximity-sensing technology allows for reliable velocity determinationat all speeds with no dead-band effects.

Referring still to FIG. 1, in an embodiment of the present technology,if the mobile platform comprises a land vehicle, the supplementalnavigation device 22 can be implemented by using a wheel rotating sensor(a wheel speed sensor).

A wheel speed sensor or vehicle speed sensor (VSS) is a type oftachograph (Please, see discussion below). It is a sender device usedfor reading the speed of a vehicle's wheel rotation. It usually consistsof a toothed ring and pickup.

In land-based vehicles, wheel speed sensors are used in anti-lockbraking systems.

Many of the subsystems in a rail vehicle, such as a locomotive ormultiple units, depend on a reliable and precise rotary speed signal, insome cases as a measure of the speed or changes in the speed. Thisapplies in particular to traction control, but also to wheel slideprotection, registration, train control, door control and so on. Thesetasks are performed by a number of rotary speed sensors that may befound in various parts of the vehicle.

Although rail vehicles occasionally do use drives without sensors, mostneed a rotary speed sensor for their regulator system. The most commontype is a two-channel sensor that scans a toothed wheel on the motorshaft or gearbox and therefore does not require a bearing of its own.The target wheel can be provided especially for this purpose or may bealready present in the drive system.

Referring still to FIG. 1, in an embodiment of the present technology,as was discussed above, the supplemental navigation device 22 isconfigured to obtain a set of motion-related data associated with themobile platform 12 including the acceleration, velocity, and absolutelocation, that is immune to spoofing. This set of data is used in thepresent technology to enable verified antispoofing navigation of themobile platform, as fully disclosed below.

Referring still to FIG. 1, in an embodiment of the present technology,the verification navigation processor 26 is configured to verifyauthenticity of a set of primary measurements provided by the primarynavigation receiver 20 by using a set of supplemental measurementsprovided by the supplemental navigation device 22. The verificationnavigation processor 26 comprises a verification processor 30, analgorithm 32, and a memory block 34.

Referring still to FIG. 1, in an embodiment of the present technology,the verification processor 30 is implemented by using a general purposeprocessor or by using an ASIC (Application Specific Integrated Circuit).

Referring still to FIG. 1, in an embodiment of the present technology,the algorithm 32 is configured to combine a set of primary measurements(the flow of the set of primary measurements is indicated by arrow 24)provided by the primary navigation receiver 20 and a set of supplementalmeasurements (the flow of the set of supplemental measurements isindicated by arrow 26) provided by the supplemental navigation device 22in a blended solution to provide to relevant authorities 42 an outputcombined positioning signal 38 (using antenna 36) related to positioningof the mobile platform 12.

Referring still to FIG. 1, in an embodiment of the present technology,the algorithm 32 is configured to run an integrity process comprising atleast the following steps: (A) calculating a primary set of changes inposition and direction of the mobile platform 12 by using the set ofprimary measurements 24 provided by the primary navigation receiver 20;(B) calculating a supplemental set of changes in position and directionof the mobile platform 12 by using the set of supplemental measurements26 provided by the supplemental navigation device 22; (C) comparing theprimary set of changes in position and direction of the mobile platform12 and the supplemental set of changes in position and direction of themobile platform 12 and obtaining a set of differences in position anddirection of the mobile platform 12; (D) selecting in the set ofdifferences in position and direction of the mobile platform a subset ofcritical differences in position and direction of the mobile platformelements; wherein each critical difference in position and direction ofthe mobile platform exceeds a first predetermined threshold; (E) ifnumber of the critical differences exceeds a second predeterminedthreshold, detecting a spoofing message; and (F) communicating torelevant authorities 42 the detected spoofing message 38; wherein thespoofing message 38 informs relevant authorities that the primarynavigation receiver 20 is compromised and does not provide the truepositioning data of the mobile platform 12.

Example I The Mobile Platform 12 is a Race Car

The race is in a difficult terrain like in a Dakar Rally. The DakarRally (or simply “The Dakar”; formerly known as “The Paris-Dakar” or“Paris to Dakar Rally”) is an annual Dakar Series rally raid type ofoff-road race, organized by the Amaury Sport Organization. Most eventssince the inception in 1978 were from Paris, France, to Dakar, Senegal,but due to security threats in Mauritania, which led to the cancellationof the 2008 rally, the 2009 Dakar Rally was run in South America(Argentina and Chile). It was the first time the race took place outsideof Europe and Africa. It has stayed in South America from 2009 to thepresent (2013) The race is open to amateur and professional entries.Amateurs typically make up about eighty percent of the participants.

Despite its ‘rally’ name, it is an off-road endurance race, properlycalled a rally raid rather than a conventional rally. The terrain thatthe competitors traverse is much tougher and the vehicles used are trueoff-road vehicles rather than the modified on-road vehicles used inrallies. Most of the competitive special sections are off-road, crossingdunes, mud, camel grass, rocks among others. The distances of each stagecovered vary from short distances up to 800-900 kilometers (500-560 mi)per day.

Under the circumstances of this type of competition, a driver can beinduced to avoid the especially difficult part of the terrain andinstead drive on an easier road. To avoid suspension, a driver couldinstall the spoofing system in his car that would transmit to relevantauthorities 42 the assumed location of the car, whereas the actuallocation of the car is quite different.

If this car on this Rally is equipped with the apparatus for verifiedantispoofing navigation 14 of the present technology, the fraudulentbehavior of such car will be detected.

Indeed, let us select the primary navigation receiver 20 to beimplemented by using a Galileo Commercial Services (Galileo CS) E6frequency signals satellite receiver. Let us also select thesupplemental navigation device 22 from the group consisting of: anInertial Navigation System receiver; an accelerometer-based navigationreceiver; a magnetometer-based navigation receiver; a cell phone-basednavigation receiver; a Distance Measurement Instrument comprising anInternal Rim DMI sensor; and a wheel rotating sensor. Any of thesedevices is immune to spoofing radio signals and can accurately determinethe true position of the race car.

The issues are: (i) how to define the critical difference (the firstpredetermined threshold); and (ii) what is the critical number of thecritical differences (the second predetermined threshold)? All thesevalues are arbitrary and can be pre-installed in the algorithm 32 of theapparatus 14 of the present technology by the Rally Organizers as acondition of participation in the Rally.

Example II The Mobile Platform 121 s a Car Trying to Spoof its Locationto Avoid Paying Tolls while Travelling on a Private Road

Let us imagine that there are two roads between points A and B. Thefirst road is a new toll-road (with a toll booth at each exit) in a verygood condition, with pervious enhanced porosity concrete that caneffectively capture and store storm water runoff, thereby allowing therunoff to percolate into the ground. This road is the safest highway totravel in a poor (rainy and/or snowy) weather. The second road is a freeroad with an old concrete cover that does not capture nor does it storethe storm water. It is a very slippery and dangerous road, but it is afree road.

Let us further imagine that a dishonest driver would like to use thetoll road but does not want to pay the toll at the exit of the road. Thetoll-payment system is automatic and each car travelling on this roaduses the Galileo navigation receiver to determine its positioncoordinates and to transmit this information to the toll-paying system.

A dishonest driver can install a spoofing receiver that would transmitto the payment system the position of the car as it were travelling of afree road and thus escaping being charge a toll payment.

If this car is equipped with the apparatus for verified antispoofingnavigation 14 of the present technology, this kind of fraud will bedetected.

Indeed, let us select the primary navigation receiver 20 to beimplemented by using a Galileo Commercial Services (Galileo CS) E6frequency signals satellite receiver. Let us also select thesupplemental navigation device 22 from the group consisting of: anInertial Navigation System receiver; an accelerometer-based navigationreceiver; a magnetometer-based navigation receiver; a cell phone-basednavigation receiver; a Distance Measurement Instrument comprising anInternal Rim DMI sensor; and a wheel rotating sensor. Any of thesedevices is immune to spoofing radio signals and can accurately determinethe true position of the car.

The issues are the same: (i) how to define the critical difference (thefirst predetermined threshold); and (ii) what is the critical number ofthe critical differences (the second predetermined threshold)?

All these values depending on the topology of these two roads connectingtwo points A and B can be pre-installed in the algorithm 32 of theapparatus 14 of the present technology by the toll road administrationas a pre-condition of using the toll road.

Example III The Mobile Platform 121 s a Yacht Trying to Spoof itsLocation to Win a Yacht Racing

Yacht racing is a form of sport reserved for sailing vessels ofsubstantial size and weight. The phrase yacht racing typically refers toracing of large and often expensive vessels crewed by professionalsailors, as opposed to the more generic term sailboat racing which caninclude small vessels, dinghies and light craft.

As yacht racing became more prevalent, and yacht design more diverse, itwas necessary to establish systems of measurements and time allowancesdue to the differences in boat design. Longer yachts are inherentlyfaster than shorter ones; therefore, in the interests of fairness, inthe 1820s a “primitive system of time allowance was introduced on theSolent.” Larger yachts were handicapped; but owners with the biggestvessels had a problem with the allowance system, for they preferred thatcrossing the finish line first, much as in foot and horse races, shouldsuffice to win the contest. As a result both ratings and “one-design”competition were developed.

Ratings systems rely upon some formulaic analysis of usually veryspecific yacht-design parameters such as length, sail area,displacement, and hull shape. During the 1920s and through the 1970s theCruising Club of America established a formula by which mostracing/cruising boats were designed during that period. After itsdescendant, the mathematically complex International Offshore Rule (IOR)of the 1970s, contributed to much decreased seaworthiness (and evenspeed), the simpler Performance Handicap Racing Fleet (PHRF) system wasadopted. The PHRF uses only proven performance characteristics,especially theoretical sailing speed, as a means to allow dissimilaryachts—typically crewed by friends and families at clubs rather than byprofessional crews—to race together. Most popular family-orientedcruising sailboats will have a rating filed with a local chapter of thePHRF.

One-design racing is conducted with classes of similar boats, allbuilt—often via mass-production—to the same design, so that crew abilityand tactical expertise are more likely to decide a race than boat typeor even weather.

In general, modern yacht-racing contests are conducted according to theRacing Rules of Sailing, first established in 1928. Though complex, theRRS are intended primarily simply ensure fairness and safety. The Rulesare revised and updated every four years by the International SailingFederation.

The major races of today can be classified as offshore, ocean, aroundthe world, and inshore racing all adhering to one set of rule, butdiverse handicapping standards.

Let us focus on Offshore racing Fastnet—established in 1924 with 7boats, the race covers approximately 600 miles starting at Cowes on theIsle of Wight, rounding Fastnet rock on the southern coast of Ireland,and finishing at Plymouth.

Let us assume that one yachtsman decided to win this race by using aspoofing device that would transmit to the authorities that his yachthad rounded the Fastnet rock on the southern coast of Ireland, but inreality the yacht had not rounded the Fastnet rock to save the time andto win the race.

If this yacht is equipped with the apparatus for verified antispoofingnavigation 14 of the present technology, this kind of fraud will bedetected.

Indeed, let us select the primary navigation receiver 20 to beimplemented by using a Galileo Commercial Services (Galileo CS) E6frequency signals satellite receiver.

Let us also select the supplemental navigation device 22 from the groupconsisting of: an Inertial Navigation System receiver; anaccelerometer-based navigation receiver; and a magnetometer-basednavigation receiver. Any of these devices is immune to spoofing radiosignals and can accurately determine the true position of the yacht.

The issues are the same: (i) how to define the critical difference (thefirst predetermined threshold); and (ii) what is the critical number ofthe critical differences (the second predetermined threshold)?

All these values depending on the topology of this race can bepre-installed in the algorithm 32 of the apparatus 14 of the presenttechnology by the yacht race administration as a pre-condition ofparticipating in the race.

Example IV The Mobile Platform 12 is a Passenger Plane and the SpoofingSignal was Generated by a Smart Phone of a Security ResearcherDemonstrating at the Security Summit in Amsterdam how Easy it is to TakeOver the Plane

A presentation at the Hack In The Box security summit in Amsterdam onApr. 11, 2013, has demonstrated that it's possible to take control ofaircraft flight systems and communications using an Android smartphoneand some specialized attack code.

Hugo Teso, a security researcher at N.Runs and a commercial airlinepilot, spent three years developing the code, buying second-handcommercial flight system software and hardware online and findingvulnerabilities within it.

Teso's attack code, dubbed SIMON, along with an Android app calledPlaneSploit, can take full control of flight systems and the pilot'sdisplays. The hacked aircraft could even be controlled using asmartphone's accelerometer to vary its course and speed by moving thehandset about.

“You can use this system to modify approximately everything related tothe navigation of the plane,” Teso told Forbes. “That includes a lot ofnasty things.”

First, Teso looked at the Automatic Dependent Surveillance-Broadcast(ADS-B) system that updates ground controllers on an aircraft's positionover a 1 Mb/s data link. This has no security at all, he found, andcould be used to passively eavesdrop on an aircraft's communications andalso actively interrupt broadcasts or feed in misinformation.

Also vulnerable is the Aircraft Communications Addressing and ReportingSystem (ACARS), the communication relay used between pilots and groundcontrollers. Using a Samsung Galaxy handset, he demonstrated how to useACARS to redirect an aircraft's navigation systems to different mapcoordinates. “ACARS has no security at all. The airplane has no means toknow if the messages it receives are valid or not,” he said. “So theyaccept them and you can use them to upload data to the airplane thattriggers these vulnerabilities. And then it's game over.”

Teso was also able to use flaws in ACARS to insert code into a virtualaircraft's Flight Management System. By running the code between theaircraft's computer unit and the pilot's display he was able to takecontrol of what the aircrew would be seeing in the cockpit and changethe direction, altitude, and speed of the compromised craft.

He admitted that some of this was moot, given that the human pilot couldalways override the automatic systems, but the software could be used tomake cockpit displays go haywire or control other functions, likedeploying oxygen masks or lights.

The precise nature of the code flaws wasn't released—for understandablereasons—but Teso says the Federal Aviation Administration and theEuropean Aviation Safety Administration have both been informed and areworking on fixing the issue.

If this plane is equipped with the apparatus for verified anti-spoofingnavigation 14 of the present technology, the pilot would be able todifferentiate between the true navigational signals and spoofing signalsoriginated by a passenger having a properly encoded smartphone.

Indeed, let us select the primary navigation receiver 20 to beimplemented by using a Galileo Commercial Services (Galileo CS) E6frequency signals satellite receiver. Let us also select thesupplemental navigation device 22 from the group consisting of: anInertial Navigation System receiver; an accelerometer-based navigationreceiver; a magnetometer-based navigation receiver; and a cellphone-based navigation receiver. Any of these devices is immune tospoofing radio signals and can accurately determine the true position ofthe plane.

The issues are: (i) how to define the critical difference (the firstpredetermined threshold); and (ii) what is the critical number of thecritical differences (the second predetermined threshold)? All thesevalues are arbitrary and can be pre-installed in the algorithm 32 of theapparatus 14 of the present technology by the aviation administration asa condition of flying the plane.

In an embodiment of the present technology, FIG. 2 illustrates anapparatus 61 for authenticated verified antispoofing navigation.

In the embodiment of the present technology, the mobile platform 62 isselected from the group consisting of land vehicles: a car, a truck, atrain, and an earth moving vehicle.

in the embodiment of the present technology, the mobile platform 62 isselected from the group consisting of water vehicles: a boat, a yacht, awater sport vehicle.

In the embodiment of the present technology, the mobile platform 62 isselected from the group consisting of flying platforms: a lawenforcement drone, a military drone, a sports plane, and a passengerplane.

In the embodiment of the present technology, the apparatus for verifiedantispoofing navigation 61 comprises: a primary navigation receiver 70,a supplemental navigation device 72, an ID monitoring device 68, and averification and authentication navigation processor 80.

In an embodiment of the present technology, the primary navigationreceiver 70 is configured to receive navigation signals 65 by using anantenna 66 from a radio positioning system 64.

In an embodiment of the present technology, the radio positioning system64 is selected from the group consisting of: a Galileo navigationreceiver; a GPS navigation receiver: a GLONASS navigation receiver; aCompass navigation receiver; a Quasi-Zenith Satellite System (QZSS)navigation receiver; a combined multi-satellite navigation receiver; anda pseudolite navigation receiver. Please, see the detailed discussionabove.

Referring still to FIG. 2, in an embodiment of the present technology,the supplemental navigation device 72 is selected from the groupconsisting of: an Inertial Navigation System receiver, anaccelerometer-based navigation receiver, a magnetometer-based navigationreceiver, a cell phone-based navigation receiver, a Distance MeasurementInstrument comprising an Internal Rim DMI sensor (for car-relatedapplications), and a wheel rotating sensor (for car-relatedapplications). The detailed description of all modalities of thesesupplemental navigation devices were given above.

Referring still to FIG. 2, in an embodiment of the present technology,as was discussed above, the supplemental navigation device 72 isconfigured to obtain a set of motion-related data associated with themobile platform 62 including the acceleration, velocity, and absolutelocation, that is immune to spoofing. This set of data is used in thepresent technology to enable verified antispoofing navigation of themobile platform.

Referring still to FIG. 2, in an embodiment of the present technology,the verification processor 82, including an algorithm 84, and a memoryblock 86, is configured to verify authenticity of a set of primarymeasurements provided by the primary navigation receiver 79 and by usinga set of supplemental measurements provided by the supplementalnavigation device 72.

Referring still to FIG. 2, in an embodiment of the present technology,the verification processor 82 is implemented by using a general purposeprocessor or by using an ASIC (Application Specific Integrated Circuit).

Referring still to FIG. 2, in an embodiment of the present technology,the algorithm 84 is configured to combine a set of primary measurements(the flow of the set of primary measurements is indicated by arrow 74)provided by the primary navigation receiver 70 and a set of supplementalmeasurements (the flow of the set of supplemental measurements isindicated by arrow 78) provided by the supplemental navigation device 72in a blended solution to provide to relevant authorities 96 an outputcombined positioning signal 92 (using antenna 88) related to positioningof the mobile platform 62.

Referring still to FIG. 2, in an embodiment of the present technology,the algorithm 84 is configured to run an integrity process comprising atleast the following steps: (A) calculating a primary set of changes inposition and direction of the mobile platform 62 by using the set ofprimary measurements 74 provided by the primary navigation receiver 70;(B) calculating a supplemental set of changes in position and directionof the mobile platform 62 by using the set of supplemental measurements78 provided by the supplemental navigation device 72; (C) comparing theprimary set of changes in position and direction of the mobile platform62 and the supplemental set of changes in position and direction of themobile platform 62 and obtaining a set of differences in position anddirection of the mobile platform 62; (D) selecting in the set ofdifferences in position and direction of the mobile platform a subset ofcritical differences in position and direction of the mobile platformelements; wherein each critical difference in position and direction ofthe mobile platform exceeds a first predetermined threshold; (E) ifnumber of the critical differences exceeds a second predeterminedthreshold, detecting a spoofing message; and (F) communicating torelevant authorities 96 the detected spoofing message 92; wherein thespoofing message 92 informs relevant authorities that the primarynavigation receiver 70 is compromised and does not provide the truepositioning data of the mobile platform 62.

As was discussed above in details, definitions of the criticaldifference (the first predetermined threshold) and of the criticalnumber of the critical differences (the second predetermined threshold)strongly depends on applications and should be pre-installed intoalgorithm 84 by the relevant authorities 94.

Referring still to FIG. 2, in an embodiment of the present technology,the apparatus 61 for authenticated verified antispoofing navigationfurther comprises an identity monitoring device 68 configured to verifyidentity of a driver of the mobile platform by using a plurality of idparameters selected from the group consisting of: a set of fingerprints;a set of eye scans; a photo identification; and a voice identification.

Referring still to FIG. 2, in an embodiment of the present technology,the identity monitoring device 68 includes a live scan fingerprintingapparatus (not shown) that is configured to capture fingerprints andpalm prints of the driver of the mobile platform 62 electronically,without the need for the more traditional method of ink and paper.

In this embodiment of the present technology, the live scanfingerprinting apparatus inputs the obtained images of the fingerprintsinto the driver authentication navigation processor 83. The driverauthentication navigation processor 83 can be implemented by using anApplication Specific Integrated Circuit (ASIC).

In an embodiment of the present technology, the obtained images of thefingerprints can be checked against the relevant database 94 to makesure that the driver has no criminal record, if the criminal record isrelevant for the purposes of using the apparatus 61 for authenticatedverified antispoofing navigation.

Referring still to FIG. 2, in an embodiment of the present technology,the ID monitoring device 68 includes a retinal scan apparatus (notshown) that uses the unique patterns on a person's retina to identifythem. It is not to be confused with another ocular-based technology,iris recognition.

The human retina is a thin tissue composed of neural cells that islocated in the posterior portion of the eye. Because of the complexstructure of the capillaries that supply the retina with blood, eachperson's retina is unique. The network of blood vessels in the retina isso complex that even identical twins do not share a similar pattern.

Although retinal patterns may be altered in cases of diabetes, glaucomaor retinal degenerative disorders, the retina typically remainsunchanged from birth until death. Due to its unique and unchangingnature, the retina appears to be the most precise and reliablebiometric. Advocates of retinal scanning have concluded that it is soaccurate that its error rate is estimated to be only one in a million.

A biometric identifier known as a retinal scan is used to map the uniquepatterns of a person's retina. The blood vessels within the retinaabsorb light more readily than the surrounding tissue and are easilyidentified with appropriate lighting. A retinal scan is performed bycasting an unperceived beam of low-energy infrared light into a person'seye as they look through the scanner's eyepiece. This beam of lighttraces a standardized path on the retina. Because retinal blood vesselsare more absorbent of this light than the rest of the eye, the amount ofreflection varies during the scan. The pattern of variations isconverted to computer code and stored in a database.

In an embodiment of the present technology, the retinal scans apparatus(not shown) inputs images of patterns on a person's retina into thedriver's authentication navigation processor 83.

In an embodiment of the present technology, the obtained patterns on aperson's retina can be checked against the relevant database 94 to makesure that the driver has no criminal record, if the criminal record isrelevant for the purposes of using the apparatus 61.

For example, retinal scanning has been utilized by several governmentagencies including the FBI, CIA, and NASA. Retinal scanning has beenused in prisons, for ATM identity verification and the prevention ofwelfare fraud.

In an embodiment of the present technology, retinal scanning also can beused to check the medical history of the driver of the mobile platform62 if the medical history is relevant for the purposes of using theapparatus 61. For example, if a driver of the mobile platform 62 hastuberculosis he should be prohibited from driving a passenger bus.

Referring still to FIG. 2, in an embodiment of the present technology,the ID monitoring device 68 includes a voice recognition apparatus (notshown) that uses the speaking characteristics of the voice (voicebiometrics), also called voice recognition to identify the person.

Speaker recognition has a history dating back some four decades and usesthe acoustic features of speech that have been found to differ betweenindividuals. These acoustic patterns reflect both anatomy (e.g., sizeand shape of the throat and mouth) and learned behavioral patterns(e.g., voice pitch, speaking style). Speaker verification has earnedspeaker recognition its classification as a “behavioral biometric”.

There are two major applications of speaker recognition technologies andmethodologies. If the speaker claims to be of a certain identity and thevoice is used to verify this claim, this is called verification orauthentication. On the other hand, identification is the task ofdetermining an unknown speaker's identity.

The speaker verification is a 1:1 match where one speaker's voice ismatched to one template (also called a “voice print” or “voice model”)whereas the speaker identification is a 1:N match where the voice iscompared against N templates.

Each speaker recognition system has two phases: Enrollment andverification. During enrollment, the speaker's voice is recorded andtypically a number of features are extracted to form a voice print,template, or model. In the verification phase, a speech sample or“utterance” is compared against a previously created voice print. Foridentification systems, the utterance is compared against multiple voiceprints in order to determine the best match while verification systemscompare an utterance against a single voice print. Because of theprocess involved, verification is faster than identification.

Speaker recognition systems fall into two categories: text-dependent andtext-independent. If the text must be the same for enrollment andverification this is called text-dependent recognition. In atext-dependent system, prompts can either be common across all speakers(e.g.: a common pass phrase) or unique. In addition, the use ofshared-secrets (e.g.: passwords and PINs) or knowledge-based informationcan be employed in order to create a multi-factor authenticationscenario.

Text-independent systems are most often used for speaker identificationas they require very little if any cooperation by the speaker. In thiscase the text during enrollment and test is different. In fact, theenrollment may happen without the user's knowledge, as in the case formany forensic applications. As text-independent technologies do notcompare what was said at enrollment and verification, verificationapplications tend to also employ speech recognition to determine whatthe user is saying at the point of authentication. In text independentsystems both acoustics and speech analysis techniques are used.

The various technologies used to process and store voice prints includefrequency estimation, hidden Markov models, Gaussian mixture models,pattern matching algorithms, neural networks, matrix representation,Vector Quantization and decision trees. Some systems also use“anti-speaker” techniques, such as cohort models, and world models.

Ambient noise levels can impede both collections of the initial andsubsequent voice samples. Noise reduction algorithms can be employed toimprove accuracy, but incorrect application can have the oppositeeffect.

Performance degradation can result from changes in behavioral attributesof the voice and from enrolment using one telephone and verification onanother telephone (cross channel). Integration with two-factorauthentication products is expected to increase. Voice changes due toageing may impact system performance over time. Some systems adapt thespeaker models after every successful verification to capture suchlong-term changes in the voice, though there is debate regarding theoverall security impact imposed by automated adaptation.

Referring still to FIG. 2, in an embodiment of the present technology,the ID monitoring device 68 includes a tachograph (not shown). Atachograph is a device fitted to a vehicle that automatically recordsits speed and distance, together with the driver's activity selectedfrom a choice of modes. The drive mode is activated automatically whenthe vehicle is in motion, and modern tachograph heads usually default tothe other work mode upon coming to rest. The rest and availability modescan be manually selected by the driver whilst stationary.

A tachograph system comprises a sender unit mounted to the vehiclegearbox, the tachograph head and a recording medium. Tachograph headsare of either analogue or digital types. All relevant vehiclesmanufactured since 1 May 2006 must be fitted with digital tachographheads. The recording medium for analogue heads are wax coated paperdiscs, and for digital heads are digital driver cards containing amicrochip with flash memory. Digital driver cards store data as a .dddfile that can be imported into tachograph analysis software. Drivers arelegally required to accurately record their activities, retain therecords and produce them on demand to transport authorities who arecharged with enforcing regulations governing drivers' working hours.They are also used in the maritime world. Rules for this in Germany aremade by the Central Commission for Navigation on the Rhine.

Referring still to FIG. 2, in an embodiment of the present technology,if the ID monitoring device 68 includes a tachograph (not shown), thedriver authentication navigation processor 83 is configured to providethe driving and rest times of the driver of the mobile platform 62 torelevant authorities 96.

Indeed, within the European Union, EU Regulation 561/2006 is the currentregulation concerning the driving times, breaks and rest periodsrequired to be taken by drivers of goods or passenger vehicles who drivein the EU. In certain circumstances, drivers may be exempt from EURegulation 561/2006 throughout the EU, or there may be derogation forthe driver on a national journey within a particular country.

If the vehicle has passed through an AETR signatory country during thecourse of its journey then it will fall within scope of AETR rules forthe whole of that journey. Since September 2010, AETR rules have beenamended to align closely with EU Regulation 561/2006. Under certaincircumstances, drivers may instead fall within scope of the domesticrules of that country.

In addition to the above requirements, drivers in the EU must also abidewith the European Working Time Directive 2003/88/EC.

As shown in the flow chart 100 of FIG. 3, in an embodiment of thepresent technology, in operation, the apparatus 14 for verifiedantispoofing navigation performed the following general steps by usingthe algorithm 32.

In an embodiment of the present technology, at step 104, a primary setof changes in position and direction of the mobile platform 12 iscalculated by using the set of primary measurements 24 provided by theprimary navigation receiver 20.

In an embodiment of the present technology, at step 106, a supplementalset of changes in position and direction of the mobile platform 12 iscalculated by using the set of supplemental measurements 26 provided bythe supplemental navigation device 22.

In an embodiment of the present technology, at step 108, the primary setof changes in position and direction of the mobile platform 12 and thesupplemental set of changes in position and direction of the mobileplatform 12; are compared, and a set of differences in position anddirection of the mobile platform 12 are obtained.

In an embodiment of the present technology, at step 110, a subset ofcritical differences in position and direction of the mobile platformelements is selected from the set of differences in position anddirection of the mobile platform 12; wherein each critical difference inposition and direction of the mobile platform exceeds a firstpredetermined threshold. The first predetermined threshold isapplication-specific and can be provided by the relevant authorities 42and pre-installed in the algorithm 32 for each specific application.

In an embodiment of the present technology, if the test condition 112 issatisfied (logical arrow 116), that is if the number of the criticaldifferences exceeds a second predetermined threshold (that is alsodetermined by authorities 42 depending on a specific application, as wasdiscussed above); a spoofing message is detected (step 118).

In an embodiment of the present technology, at step 120, the detectedspoofing message 38 is communicated to relevant authorities 42. Thespoofing message 38 informs relevant authorities that the primarynavigation receiver 20 is compromised and does not provide the truepositioning data of the mobile platform 12.

In an embodiment of the present technology, at step 122, the detectedspoofing message 38 can be sent to the relevant database 44 in anattempt to identify the source of the spoofing message.

The flow chart 100 of FIG. 3 (steps 104-122), in an embodiment of thepresent technology, partially also describes the operation of theapparatus 61 for verified antispoofing navigation (without theauthentication of the identity of a driver).

Additional step 124 of the flow chart 100 of FIG. 3 describes the stepof authentication the driver by using the ID monitoring device 68 (ofFIG. 2) and by using the driver authentication navigation processor 83(as was disclosed above).

The above discussion has set forth the operation of various exemplarysystems and devices, as well as various embodiments pertaining toexemplary methods of operating such systems and devices. In variousembodiments, one or more steps of a method of implementation are carriedout by a processor under the control of computer-readable andcomputer-executable instructions. Thus, in some embodiments, thesemethods are implemented via a computer.

In an embodiment, the computer-readable and computer-executableinstructions may reside on computer useable/readable media.

Therefore, one or more operations of various embodiments may becontrolled or implemented using computer-executable instructions, suchas program modules, being executed by a computer. Generally, programmodules include routines, programs, objects, components, datastructures, etc., that perform particular tasks or implement particularabstract data types. In addition, the present technology may also bepracticed in distributed computing environments where tasks areperformed by remote processing devices that are linked through acommunications network. In a distributed computing environment, programmodules may be located in both local and remote non-transitorycomputer-storage media including memory-storage devices.

Although specific steps of exemplary methods of implementation aredisclosed herein, these steps are examples of steps that may beperformed in accordance with various exemplary embodiments. That is,embodiments disclosed herein are well suited to performing various othersteps or variations of the steps recited. Moreover, the steps disclosedherein may be performed in an order different than presented, and notall of the steps are necessarily performed in a particular embodiment.

Although various electronic and software based systems are discussedherein, these systems are merely examples of environments that might beutilized, and are not intended to suggest any limitation as to the scopeof use or functionality of the present technology. Neither should suchsystems be interpreted as having any dependency or relation to any oneor combination of components or functions illustrated in the disclosedexamples.

Although the subject matter has been described in a language specific tostructural features and/or methodological acts, the subject matterdefined in the appended claims is not necessarily limited to thespecific features or acts described above. Rather, the specific featuresand acts described above are disclosed as exemplary forms ofimplementing the claims.

1. an apparatus for verified antispoofing navigation comprising: aprimary navigation receiver mounted on a mobile platform; said primarynavigation receiver configured to provide a set of primary measurementsrelated to positioning of said mobile platform; a supplementalnavigation receiver mounted on said mobile platform; said supplementalnavigation receiver configured to provide a set of supplementalmeasurements related to positioning of said mobile platform; and averification navigation processor mounted on said mobile platform; saidverification navigation processor configured to verify authenticity ofsaid set of primary measurements provided by said primary navigationreceiver by using said set of supplemental measurements provided by saidsupplemental navigation receiver.
 2. The apparatus of claim 1; whereinsaid primary navigation receiver is selected from the group consistingof: a Galileo navigation receiver; a GPS navigation receiver: a GLONASSnavigation receiver; a Compass navigation receiver; a Quasi-ZenithSatellite System (QZSS) navigation receiver; a combined multi-satellitenavigation receiver; and a pseudolite navigation receiver.
 3. Theapparatus of claim 2; wherein said GPS navigation receiver is selectedfrom the group consisting of: an autonomous GPS satellite navigationreceiver; a differential GPS satellite navigation receiver; and an RTKGPS satellite navigation receiver.
 4. The apparatus of claim 2; whereinsaid Galileo receiver comprises: a Galileo Commercial Services (GalileoCS) E6 frequency signals satellite navigation receiver configured toreceive Galileo Commercial Services (Galileo CS) E6 frequency signals.5. The apparatus of claim 1; wherein said supplemental navigationreceiver is selected from the group consisting of: an InertialNavigation System receiver; an accelerometer-based navigation receiver;a magnetometer-based navigation receiver; a cell phone-based navigationreceiver; a Distance Measurement Instrument comprising an Internal RimDMI sensor; and a wheel rotating sensor.
 6. The apparatus of claim 1;wherein said verification navigation processor further comprises: analgorithm configured to combine said set of primary measurementsprovided by said primary navigation receiver and said set ofsupplemental measurements provided by said supplemental navigationreceiver in a blended solution to provide an output combined positioningsignal related to positioning of said mobile platform.
 7. The apparatusof claim 1; wherein said verification navigation processor furthercomprises: an algorithm configured to run an integrity processcomprising at least the following steps: (A) calculating a primary setof changes in position and direction of said mobile platform by usingsaid set of primary measurements provided by said primary navigationreceiver; (B) calculating a supplemental set of changes in position anddirection of said mobile platform by using said set of supplementalmeasurements provided by said supplemental navigation receiver; (C)comparing said primary set of changes in position and direction of saidmobile platform and said supplemental set of changes in position anddirection of said mobile platform and obtaining a set of differences inposition and direction of said mobile platform; (D) selecting in saidset of differences in position and direction of said mobile platform asubset of critical differences in position and direction of said mobileplatform elements; wherein each said critical difference in position anddirection of said mobile platform exceeds a first predeterminedthreshold; (E) if number of said critical differences exceeds a secondpredetermined threshold, detecting a spoofing message; and (F)communicating to relevant authorities said detected spoofing message;wherein said spoofing message informs relevant authorities that saidprimary navigation receiver is compromised and does not provide the truepositioning data of said mobile platform.
 8. An apparatus forauthenticated verified antispoofing navigation comprising: a primarynavigation receiver mounted on a mobile platform; said primarynavigation receiver configured to provide a set of primary measurementsrelated to positioning of said mobile platform; a supplementalnavigation receiver mounted on said mobile platform; said supplementalnavigation receiver configured to provide a set of supplementalmeasurements related to positioning of said mobile platform; an identitymonitoring device configured to verify an identity of a driver of saidmobile platform; and a verification and authentication navigationprocessor mounted on said mobile platform further comprising averification navigation processor configured to verify authenticity ofsaid set of primary measurements provided by said primary navigationreceiver by using said set of supplemental measurements provided by saidsupplemental navigation receiver; and a driver authentication navigationprocessor configured to provide the driving and rest times of saiddriver to relevant authorities.
 9. The apparatus of claim 8; whereinsaid primary navigation receiver is selected from the group consistingof: a Galileo navigation receiver; a GPS navigation receiver: a GLONASSnavigation receiver; a Compass navigation receiver; a Quasi-ZenithSatellite System (QZSS) navigation receiver; a combined multi-satellitenavigation receiver; and a pseudolite navigation receiver.
 10. Theapparatus of claim 9; wherein said GPS navigation receiver is selectedfrom the group consisting of: an autonomous GPS satellite navigationreceiver; a differential GPS satellite navigation receiver; and an RTKGPS satellite navigation receiver.
 11. The apparatus of claim 9; whereinsaid Galileo receiver comprises: a Galileo Commercial Services (GalileoCS) E6 frequency signals satellite navigation receiver configured toreceive Galileo Commercial Services (Galileo CS) E6 frequency signals.12. The apparatus of claim 8; wherein said supplemental navigationreceiver is selected from the group consisting of: an InertialNavigation System receiver; an accelerometer-based navigation receiver;a magnetometer-based navigation receiver; a cell phone-based navigationreceiver; a Distance Measurement Instrument comprising an Internal RimDMI sensor; and a wheel rotating sensor.
 13. The apparatus of claim 8;wherein said verification navigation processor further comprises: analgorithm configured to combine said set of primary measurementsprovided by said primary navigation receiver and said set ofsupplemental measurements provided by said supplemental navigationreceiver in a blended solution to provide an output combined positioningsignal related to positioning of said mobile platform.
 14. The apparatusof claim 8; wherein said identity monitoring device is configured toverify an identity of a driver of said mobile platform by using aplurality of id parameters selected from the group consisting of: a setof fingerprints; a set of eye scans; a photo identification; and a voiceidentification.
 15. The apparatus of claim 8; wherein said verificationnavigation processor further comprises: an algorithm configured to runan integrity process comprising at least the following steps: (A)calculating a primary set of changes in position and direction of saidmobile platform by using said set of primary measurements provided bysaid primary navigation receiver; (B) calculating a supplemental set ofchanges in position and direction of said mobile platform by using saidset of supplemental measurements provided by said supplementalnavigation receiver; (C) comparing said primary set of changes inposition and direction of said mobile platform and said supplemental setof changes in position and direction of said mobile platform andobtaining a set of differences in position and direction of said mobileplatform; (D) selecting in said set of differences in position anddirection of said mobile platform a subset of critical differences inposition and direction of said mobile platform elements; wherein eachsaid critical difference in position and direction of said mobileplatform exceeds a first predetermined threshold; (E) if number of saidcritical differences exceeds a second predetermined threshold, detectingand recording a spoofing message; and (F) communicating to relevantauthorities that said primary navigation receiver is compromised anddoes not provide the true positioning data of said mobile platform. 16.The apparatus of claim 8; wherein said driver authentication navigationprocessor configured to provide the driving and rest times of saiddriver to relevant authorities further comprises: a tachograph.
 17. Amethod of verified antispoofing navigation comprising: (A) calculating aprimary set of changes in position and direction of a mobile platform byusing a set of primary measurements provided by a primary navigationreceiver; (B) calculating a supplemental set of changes in position anddirection of said mobile platform by using a set of supplementalmeasurements provided by a supplemental navigation receiver; (C)comparing said primary set of changes in position and direction of saidmobile platform and said supplemental set of changes in position anddirection of said mobile platform and obtaining a set of differences inposition and direction of said mobile platform; (D) selecting in saidset of differences in position and direction of said mobile platform asubset of critical differences in position and direction of said mobileplatform elements; wherein each said critical difference in position anddirection of said mobile platform exceeds a first predeterminedthreshold; (E) if a number of said critical differences exceeds a secondpredetermined threshold, detecting a spoofing message; and (F)communicating to relevant authorities said detected spoofing message;wherein said spoofing message informs relevant authorities that saidprimary navigation receiver is compromised and does not provide the truepositioning data of said mobile platform.
 18. The method of claim 17further comprising: (G) consulting a relevant database to identify asource of said spoofing message.
 19. The method of claim 17 furthercomprising: (H) using a driver authentication navigation processor toprovide the driving and rest times of a driver of said mobile platformto relevant authorities.
 20. (canceled)
 21. (canceled)